Disabling Zero Touch Provisioning (ZTP) and setting up a basic configuration on a Palo Alto Networks firewall requires administrative access to the device, either through the command-line interface (CLI) or the web-based interface (WebUI).
Disable ZTP using GUI
1.Connect to the firewall’s management IP address using a web browser.
2.Login using the default credentials (username: admin, password: admin). You may see the window below to select the mode, when you have no need to use ZTP mode, click “Standard Mode”, however, it may give you an error as below “Request-> set is unexpected“
Disable ZTP Using CLI:
You have to use CLI if that is the case
- Connect to the firewall using SSH or a direct console connection.
- Login using the default credentials (username:
admin, password:admin).
set system ztp disable
Basic Management Interface Config
set deviceconfig system type static
set deviceconfig system ip-address YOUR_IP_ADDRESS netmask YOUR_NETMASK default-gateway YOUR_DEFAULT_GATEWAY dns-setting servers primary YOUR_DNS_SERVERFor example
set deviceconfig system type static
set deviceconfig system ip-address 10.0.8.3
set deviceconfig system netmask 255.255.255.0
set deviceconfig system default-gateway 10.0.8.1
set deviceconfig system dns-setting servers primary 8.8.8.8
set deviceconfig system dns-setting servers secondary 1.1.1.1IMPORTANT NOTE:
By default, Palo Alto firewall management interface is NOT pingable, don’t troubleshoot if you cannot ping it.
Useful links
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK